The openid sample app has remember-me configured, but has no checkbox for it on the login chooser page. I guess that this means that remember-me is always active.
To test remember-me, is it correct that I need to let the session time out (decrease my session timeout for practicality), because I think if you log out explicitly you should not be logged back in automatically. Is that correct? You can see that I have very little experience with remember-me. Happens to not have been a requirement for my apps until now (mostly due to security requirements).
My main question here is, with openid is it possible for the end user to specify that they want remember-me or not, as is typical with a checkbox on a traditional login page, in case the user is using a public PC, shared account, etc., or is just paranoid.